Data storage and api

As a developer you might want to use the data gathered by your local WhatsSpy Public for other (educational) purposes. This page will describe what API calls are available and where the data is stored.

Where is the data stored?

The contacts, online times, groups etc are all stored in the Postgres database. You configured the database in api/config.php under $dbAuth. The database name is whatsspy and the schema name is public (default in postgres). If you would like to use this database for information you can connect to it using the same login information as stated in the $dbAuth.

The following tables exist:

accounts

groups

lastseen_privacy_history

profilepic_privacy_history

accounts_to_groups

profilepicture_history

status_history

statusmessage_history

statusmessage_privacy_history

tracker_history

whatsspy_config (one row with instance information)

If you want to inspect the database structure in more detail you can look at the generation script or the database itself with for example PgAdmin.

API calls

All these calls need the URL to your WhatsSpy Public instance in front (eg http://mydomain.com/whatsspy/). Replace the [1] in the urls with the values that you desire. Please note that the login function returns a SessionID that you need to resend with every request.

The WebUI that you use, uses the exact same calls. You can view these API calls by using Developers tools in your webbrowser. Remember to remove any parameters that you don't want to set (leaving these in will cause the value to be set to an empty string or null)!

Login

api/?whatsspy=doLogin&password=[1]

Login to WhatsSpy Public as a client.

[1]required: password used to login to the WebUI.

Note: not required to call when password is set to false in config.php

Contact: Add new one

api/?whatsspy=addContact&number=[1]&countrycode=[2]&name=[3]

Add a new contact to be verified by the tracker and tracked.

[1]required: local phonenumber (excluding the country code)

[2]required: countrycode

[3]optional: name for the contact (optional means you need to remove &name=.. from the URL otherwise the name will be '')

Contact: Set inactive

api/?whatsspy=setContactInactive&number=[1]

Set a contact inactive. This means the tracker will no longer track the person but all the information stays in the database.

[1]required: countrycode + local phonenumber (stripped any prefix 0's in front of countrycode and local phonenumber).

Contact: Delete contact

api/?whatsspy=deleteContact&number=[1]

Delete a contact and all the relevant information.

[1]required: countrycode + local phonenumber (stripped any prefix 0's in front of countrycode and local phonenumber).

Contact: generate token

Generate an user token to share the users profile. There can be only one valid token at a time. Generating a new one will invalidate all previous tokens.

[1]required: countrycode + local phonenumber (stripped any prefix 0's in front of countrycode and local phonenumber).

Contact: reset token

api/?whatsspy=resetToken&number=[1]

Reset the token, this means that no-one will be able to see the shared profile.

[1]required: countrycode + local phonenumber (stripped any prefix 0's in front of countrycode and local phonenumber).

Contact: Get profilepicture

api/?whatsspy=getProfilePic&hash=[1]&token=[2]

Get the profile picture of an contact.

[1]required: Users profilepicture hash (can be obtained to query for details of a contact or the getStats).

[2]optional: Token authentication (used if cannot doLogin because you are an external visitor without the password).

Contact: Get all user details

api/?whatsspy=getContactStats&number=[1]&token=[2]

Get all relevant information of a specific user.

[1]required: countrycode + local phonenumber (stripped any prefix 0's in front of countrycode and local phonenumber).

[2]optional: Token authentication (used if cannot doLogin because you are an external visitor without the password). NOTE: This output differs than the information you get from a normal doLogin (information like phonenumbers is missing).

General: Get overview information

api/?whatsspy=getStats&token=[1]

Get the overview information (as used by the WebUI).

[1]optional: Token authentication (used if cannot doLogin because you are an external visitor without the password). NOTE: This output differs than the information you get from a normal doLogin (information like phonenumbers and other contacts is missing).